Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4110

Overview

Vulnerability Score 7.6 7.6
CVE Id CVE-2008-4110
Last Modified 04 Apr 2009 01:34:52
Published 16 Sep 2008 06:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2008-4110

Summary

Buffer overflow in the SQLVDIRLib.SQLVDirControl ActiveX control in Tools\Binn\sqlvdir.dll in Microsoft SQL Server 2000 (aka SQL Server 8.0) allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long URL in the second argument to the Connect method. NOTE: this issue is not a vulnerability in many environments, since the control is not marked as safe for scripting and would not execute with default Internet Explorer settings.

Vulnerable Systems

Application

  • Microsoft Sql Server 2000


References

XF - mssql-sqlvdir-bo(45186)

BID - 31129

BUGTRAQ - 20080911 sqlvdir.dll ActiveX Remote Buffer Overflow Exploit

SREASON - 4262


Last Updated: 27 May 2016 10:48:23